from the a-question-of-trust dept

The UK government's response to Snowden's leaks has been twofold: that everything is legal, and that everything is subject to rigorous scrutiny. We now know that the first of these is not true, and the second is hardly credible either, given that the UK's main intelligence watchdog has only one full-time member. There's one other main oversight body, the UK's Intelligence and Security Committee of Parliament (ISC), which is tasked with examining:

the policy, administration and expenditure of the Security Service, Secret Intelligence Service (SIS), and the Government Communications Headquarters (GCHQ).

The ISC was criticized as part of a larger condemnation of intelligence oversight by another UK Parliament committee. The head of the ISC, Sir Malcolm Rifkind, was reported by the Guardian as dismissing those criticisms as "old hat," as if that somehow made them acceptable. Rifkind has now been caught up in a rather more serious row, which involves reporters from the UK's Channel 4 and The Telegraph newspaper posing as representatives of a Chinese company:

PMR, a communications agency based in Hong Kong was set up, backed by a fictitious Chinese businessman. PMR has plenty of money to spend and wants to hire influential British politicians to join its advisory board and get a foothold in the UK and Europe.

Here's what Channel 4 and the Telegraph allege happened in their meeting with Rifkind:

Sir Malcolm also claimed he could write to a minister on behalf of our company without saying exactly who he was representing

Sir Malcolm added that he could see any foreign ambassador in London if he wanted, so could provide 'access' that is 'useful'

Rifkind said that he was "self-employed" -- in fact, he is a Member of Parliament, and receives a salary of £67,000 per year -- and that his normal fee was "somewhere in the region of £5,000 to £8,000" for half a day's work. There's no suggestion that Rifkind made any reference during the sting to his role as head of the ISC, but that's not really the point. He was offering a Chinese company access to influential people purely because he would get paid to do so, and that is surely not the kind of person you would want to grant the high-level security clearance Rifkind enjoys.

Then there is the question of what happens when Rifkind leaves Parliament: as Techdirt noted back in 2012, politicians can earn huge amounts of money by going to work as lobbyists, drawing on their contacts to ease the path for legislation or contracts or whatever. According to the disgraced lobbyist Jack Abramoff, merely letting politicians know that a job as lobbyist was waiting for them if they wanted it can be enough to shift their loyalties. That would be hugely troubling if it concerned someone occupying such a sensitive position as Rifkind.

After initially being suspended from the Conservative party, pending a disciplinary review, Rifkind has now resigned as chairman of the ISC, and announced that he will not be a candidate for re-election in the UK's general election later this year. He probably decided to fall on his sword in an attempt to spare the UK government further embarrassment, but his move will do little to bolster the dwindling credibility of the ISC, or the repeated claim that there are no problems with oversight of UK intelligence services.

from the pay-no-attention-to-the-men-behind-the-haystacks dept

The Privacy and Civil Liberties Oversight Board (PCLOB) has just released its assessment [pdf link] of the NSA's ability to follow instructions. One year ago, it assessed the Section 215 bulk records collection. Six months later, it assessed the Section 702 program, which hoovers up email communications. Now, it has followed up on its recommendations and found the NSA surprisingly cooperative.

Overall, the Board has found that the Administration and the Intelligence Community have been responsive to its recommendations. The Administration has accepted virtually all of the recommendations in the Board’s Section 702 report and has begun implementing many of them. It also has accepted many of the recommendations in the Board’s Section 215 report and has supported legislation that would satisfy several more, including the most far-reaching of the Board’s proposals.

BUT:

However, many of the recommendations directed at the Administration have yet to be fully satisfied, with the Administration having taken only partial steps, at most, toward implementing them.

The first recommendation was one of the biggest: end the Section 215 program. The NSA doesn't really want to do this, but has seemed receptive to making some changes. The administration, on the other hand, hasn't offered anything to date other than lip service in support of this recommendation. It's been left up to legislators and, so far, legislation targeting the collection has failed to move forward. As the PCLOB noted in its assessment, the Section 215 program "lacks a viable legal foundation," as well as "posing a serious threat to privacy and civil liberties." And yet, it continues on unabated, with four renewals by the FISA court since the PCLOB's original assessment was delivered.

The PCLOB is now gently nudging the administration towards taking a hands-on approach.

It should be noted that the Administration can end the bulk telephone records program at any time, without congressional involvement.

On the bright side, the NSA has cut back on the number of hops in its contact chaining and has to seek approval from the FISA court to search its stored records, and it must be able to provide proof of "reasonable articulable suspicion" before it can do so.

The same goes for the introduction of an actual adversarial process to FISA court proceedings with the addition of an advocate acting on behalf of Americans' interests. The NSA is in no hurry to see this done and, again, the administration has offered its support of the board's recommendations but has made no movement on its own. It's left to legislation to fix this, and if earlier NSA-targeting bills are any indication, this will most likely add to the growing pile of papery corpses left behind by failed Congressional fixes.

The NSA is also taking hesitant steps to publicly release more information on FISC orders and rulings. We've seen some of this via the Office of the Director of National Intelligence's tumblr blog. (Still a very odd sentence to type…) But, it must be noted that a large majority of what has been "released" so far has actually been propelled out of the ODNI's hands by a handful of FOIA lawsuits. So, this new "openness" is not entirely dissimilar to confessions that take "enhanced interrogation techniques" to acquire.

As for the Section 702 program, the PCLOB has recommended a number of technical changes, most of which are at least partly implemented at this point. What's more worrying is the fact that the NSA still continues to harvest "about" communications, thanks to its ability to talk a hesitant FISA court into a "novel" legal theory while operating under interim legislation back in 2007.

The PCLOB raises several concerns about Section 702's harvesting of communications based on very tenuous connections.

[T]he permissible scope of targeting in the Section 702 program is broad enough that targets need not themselves be suspected terrorists or other bad actors. Thus, if the email address of a target appears in the body of a communication between two non-targets, it does not necessarily mean that either of the communicants is in touch with a suspected terrorist...

While “about” collection is valued by the government for its unique intelligence benefits, it is, to a large degree, an inevitable byproduct of the way the NSA conducts much of its upstream collection. At least some forms of “about” collection present novel and difficult issues regarding the balance between privacy and national security. But current technological limits make any debate about the proper balance somewhat academic, because it is largely unfeasible to limit “about” collection without also eliminating a substantial portion of upstream’s “to/from” collection, which would more drastically hinder the government’s counterterrorism efforts. We therefore recommend that the NSA work to develop technology that would enable it to identify and distinguish among the 24 types of “about” collection at the acquisition stage, and then selectively limit or modify its “about” collection, as may later be deemed appropriate.

The PCLOB also urges the release of information concerning the NSA, FBI and CIA's minimization procedures and stats on how often the NSA acquires and uses the communications of US persons -- both of which are in the "being considered" to "being implemented" stages.

Most importantly, the PCLOB recommends the NSA cough up some evidence that these collections actually have any value. Unsurprisingly, this falls under the "not implemented" heading. And the ODNI/NSA's stalling only makes it look as though these programs are all show, but little substance.

Determining the efficacy and value of particular counterterrorism programs is critical. Without such determinations, policymakers and courts cannot effectively weigh the interests of the government in conducting a program against the intrusions on privacy and civil liberties that it may cause.

Those on the surveillance side always remind us that there needs to be a balance between national security and civil liberties, but the agencies they defend have never bothered to examine the security/privacy ledger. And they're in no hurry to do so. The Section 215 program's effectiveness is highly dubious, and as for the Section 702 program, we (including the PCLOB) don't have enough information to even begin weighing its comparative value. For all the forced transparency, there simply hasn't been much forthcoming on the program itself, much less how useful it is in terms of counterterrorism.

If the NSA wishes to continue its plundering of privacy in pursuit of security, it needs to provide some hard data to back up its assertions that these programs are essential to the safety of the nation. It won't make the plundering OK, but at least it will give the public some idea where their rights stand in the NSA's eyes.

from the so-they-can-be-burned dept

We had mentioned in the past that once Senator Richard Burr took over the Senate Intelligence Committee, it seemed likely that the CIA torture report, prepared by the Committee's staffers, would be buried. That was before the redacted version of the executive summary was released, and it was written to explain why an agreement needed to be reached to release the report before the new Congress took over. However, what we didn't expect was that Senator Burr, upon taking office, would then take the rather unprecedented step of trying to bury the report anyway.

Burr, upon taking charge in January, wrote to the executive branch and the federal agencies in receipt of the document, and asked that it be returned to the committee, as he did not feel it was a valid disclosure.

“It gets pretty technical,” Burr said, confirming he sent the letter. The full document, he explained, had been voted complete in the 112th Congress, and the release of the executive summary was voted on by the 113th Congress.

But what wasn’t ever agreed upon, said Burr, was the disclosure of the full report to several arms of the federal government, which prompted his letter demanding all copies be returned.

And that's not all he's asking for. He's also demanding back the so-called "Panetta Review," which was the internal review, done by the CIA, of the torture program, with findings that largely mirrored the Senate Intelligence Committee's report. The Panetta Review had been done on the orders of then director Leon Panetta, and the CIA insists it was only meant for internal use at the CIA. At some point, however, according to the Intelligence Committee staffers, the CIA gave a draft of that document over to those staffers. That resulted in then Senator Mark Udall asking the CIA for the final review -- leading the CIA to freak out that a Senator knew of the existence of the Panetta Review in the first place.

That, of course, resulted in the CIA then spying on the Senate staffers' computers to find out how they got the document and the CIA ridiculously claiming that the staffers had violated criminal laws in removing the document from the network and storing it in a safe place. Udall, before leaving Congress, argued that the Panetta Review should be released, but Burr has (not surprisingly) demanded the document back.

Once again, this raises some serious questions about what Senator Burr thinks his role is. Is it oversight of the CIA -- or is he the CIA's protector? Because the demands for both of these reports to be "returned" so that he can more or less destroy them certainly suggest the latter, rather than the former.

And, as ridiculous as it may sound to demand the return of these reports, it's more than just a gesture of solidarity with the CIA. The ACLU is currently suing the CIA over its refusal to release the Panetta Review under a FOIA request and also the federal government for refusing to release the full CIA torture report. Having that information in other parts of the government makes it more likely that a court could order it to be turned over. But Burr seems to be focused on making sure that it's only held by "friendly" parties who might destroy this important historical document, detailing the CIA's abuses. As the ACLU noted in a statement:

“Senator Burr is supposed to be overseeing the CIA, not covering up its crimes. The full Senate torture report was given to Executive Branch agencies to be widely used to make sure that the federal government learns its lesson and never uses torture again. Senator Burr’s attempt to recall the report seems like a bid to thwart Congress’s own Freedom of Information Act, which protects the rights of the American people to learn about their own government. Americans should ask, if Senator Burr isn’t going to serve his role in the Constitution’s system of checks and balances, then why did he want to be chairman of the intelligence committee? This is a poor start to a chairmanship.”

from the outraged-at-the-lack-of-outrage dept

More news of secret surveillance has been uncovered, thanks to FOIA requests. Police in Tacoma, Washington have a Stingray device and have been using it, unbeknownst to pretty much everyone in the area. And it's not just a recent development. According to information obtained by The News Tribune, this dates back more than a half-decade.

Deputy City Attorney Michael Smith redacted much of the identifying information on a May 2013 invoice for the equipment, saying disclosure “would allow the identification of confidential pieces of technology.”

However, unredacted portions of those public records as well as other documents reviewed by The News Tribune indicate the Police Department has had the ability to wirelessly search neighborhoods since as early as 2008.

So, why is this information just coming out now? For one, law enforcement hasn't been particularly forthcoming. Harris has its own restrictive non-disclosure agreements to keep mouths shut, but the factor specifically cited in this article is the federal government.

Police Chief Don Ramsdell, through a spokeswoman, declined an interview request to talk about the police department’s apparent purchase of a Stingray device and associated technology. The department cited a nondisclosure agreement it has with the FBI.

So, the FBI -- a federal agency -- helped ensure that no one involved with the oversight of law enforcement and its new toys had any idea what was going on.

The people who could have provided some sort of accountability completely failed. Read this sentence and remember that these are people elected to look out for the public's interests.

News that the city was using the surveillance equipment surprised City Council members, who approved an update for a device last year…

Terrible, although some of this can be blamed on the lack of openness within law enforcement. Now, read the second half of that sentence and marvel at the undermining of the criminal justice system.

…and prosecutors, defense attorneys and even judges, who in court deal with evidence gathered using the surveillance equipment.

No one knew. No one. Prosecutors didn't know how the evidence they were using was being obtained and defense attorneys couldn't effectively challenge evidence because its origin was obscured. And if judges don't know, then it means local law enforcement lied about how they were obtaining data, either through parallel construction or simply assuming the gathering of "business records" requires no warrant.

Now that they're informed, the statements they're making are disturbing in their abject cluelessness.

“If they use it wisely and within limits, that’s one thing,” said Ronald Culpepper, the presiding judge of Pierce County Superior Court, when informed of the device Tuesday. “I would certainly personally have some concerns about just sweeping up information from non-involved and innocent parties — and to do it with a whole neighborhood? That’s concerning.”

"Concerning?" "Sweeping up information" is the only way these devices work. They can't target anything because they're not designed to. This isn't like bugging a phone. This is grabbing every record generated and searching it later for what's actually of interest. And Culpepper's "personal concerns" are also those of the public, so he'd better keep that in mind when dealing with this device in the future, rather than placing the "concerns" of law enforcement ahead of his and everyone else's.

Worse yet are the comments of city representatives, who think it's OK for the police to have a device that indiscriminately grabs connection information (and a device that they lied about) because they're the police.

City Manager T.C. Broadnax:

“I’m not in law enforcement, but it’s my impression that it assists them in doing their job more effectively, and that’s to protect the public.”

Mayor Marilyn Strickland:

“If our law enforcement need access to information to prevent crime or keep us safe, that’s a legitimate use of the technology,” she said. “We are more focused on preventing crime and keeping our community safe than getting in people’s business.”

[That "we" is supposed to be you and the public, not you and the police force.]

Councilman David Boe:

“I’ve got to find out what I voted on before I comment.”

[Why bother now?]

Another city council member conceded he was never given details on the purchase he was approving, but that it "doesn't surprise him" that law enforcement has this type of device. The cover-up was OK because it keeps investigations from being compromised. Another council member said she would need to "check with the city manager" before commenting, so we can probably just copy and paste Broadnax's "police fight crime" head nod from above.

But some of these representatives must have known. The public records trail (obtained by MuckRock) shows a memo from 2007 seeking to bypass the competitive bidding process. After the first Stingray was obtained in 2008, the city named Detective Jeffrey Shipp "Employee of the Month," citing this:

“for his work in procuring a $450,000 training and equipment grant for a cellular phone tracking system — one of only five awarded across the country. Great job!”

This money was mostly a DHS grant, and law enforcement cited the technology's usefulness to its "Explosive Ordinance Detail" as the primary reason for the acquisition. No document details how many explosive devices were detected or disarmed using the cell phone tracker. Unsurprising, considering it's being used to track drug dealers and other "normal" criminal activity.

What is also uncovered in the documents is some indication of how the Stingray's use is being concealed. Multiple warrants have been issued for cellphone records, none of which apparently refer to them being collected by a cell tower spoofer. It also looks as if pen register/trap and trace orders are being used as permission slips for dragnet collections. In both cases, law enforcement is using targeted paperwork for untargeted collections. But prosecutor Mark Lindquist says that even though he knew nothing about the device or its usage, everyone's still playing by the rules.

Prosecutors have to be able to defend evidence in court, he said. As far as he knows, local law enforcement is “playing by the rules.”

“None of this evidence has been successfully challenged by the defense, and from that, I can infer that law enforcement is doing it right,” he said. “Both prosecutors and defense attorneys will review warrants and make sure that they are valid.”

That's how you can quantify the "rightness" of evidence obtained through parallel construction? No evidence has been "successfully challenged" by the defense? That's so stupid it must be a misquote. How can you successfully challenge evidence if the paper telling you how it was obtained obscures the true source? In Lindquist's eyes, dealing evidence from the bottom of the deck is "playing by the rules."

And the police haven't been forthcoming about the disposal of incidental data. If the device has been used secretly for a half-dozen years, and everyone in an oversight position is claiming to have just heard about it now, there are very likely no minimization guidelines or policies. There are hints that irrelevant data is deleted, but there's nothing in here that says how long it's retained before this happens… if it happens.

So, law enforcement buys cell tower spoofers and the FBI encourages them to hide the details. It attempts to obscure it behind some sort of counterterrorism facade (for thwarting IEDs, remember?), gaining it kudos from the city for all the money it managed to talk the DHS out of. It then hides the use from the entirety of the criminal justice system and makes its oversight bodies look like complete fools. And we're supposed to trust them not to abuse the incidental data they collect?

from the we-need-all-this-info-for-several-reasons:-here's-one-of-them dept

Court documents show that Fairfield Police Officers Stephen Ruiz and Jacob Glashoff used company time and equipment to search for women on internet dating sites.

Just a bad idea, whether you're a government employee or engaged in the private sector rat race. In almost every case, using work computers (while on the clock) to surf dating sites will be a violation of company/agency policy. But there's more.

Court documents allege the officers then used a police-issued computer to look up the women they found appealing in a confidential law enforcement database that connects to the DMV and state and federal records.

There's not a ton of commentary to add here. The basic issue is this: many, many people have access to personal information that the government demands you provide in exchange for essential items like driver's licenses, vehicle/home titles, etc. Connected to these databases is one used to house information on every person booked by police (notably, not every person convicted or even every person charged).

Some people place a lot of trust in those who have access to this information. This trust is often misplaced. Many others place no trust in those who have this access and yet, there is very little they can do without placing their personal information in the hands of people they actively distrust.

Having verifiable records on hand is a safeguard against fraud and other criminal activity… by the public. The internal safeguards meant to protect citizens from untoward actions by public servants are ultimately useless because the government far too frequently refuses to take serious actions against those who abuse the public's trust. People are given paid suspensions or are allowed to transfer out of the agency rather than face more severe consequences. These two officers face the possibility of criminal charges (after being reported by another officer -- kudos to him or her) but in the meantime, both are still on duty and fully paid. Innocent until proven guilty, sure, but it would seem the police department should have caught this before it became a problem severe enough that felony charges are even being discussed. Externally, police are issuing tickets for expired vehicle tags and other minor lapses. Internally, no one can apparently be bothered to monitor access of sensitive info.

Defenders of surveillance and the wholesale collection of personal information by government entities often claim the Googles and Twitters of the world are just as disinterested in your privacy as any government agency. But you can opt out of Google, Twitter, et al. You can choose to not participate. The government, for the most part, isn't optional. There's no TOS you can read before deciding to do business elsewhere. Your information is gathered, stored and rifled through by any number of people, some of whom are doing it just because their positions give them access.

from the don't-get-bogged-down-in-section-215-and-702 dept

We've written a few times about Executive Order 12333, which we've described as "the NSA's biggest loophole." It's the unchecked power, created entirely via executive order, for the NSA to do anything it wants to spy on anyone -- including Americans -- so long as that data is collected overseas. Remember how the NSA had hacked into Google and Yahoo's datacenters? That was done overseas under EO 12333, allowing them to do whatever they wanted with that information -- content and metadata -- with no oversight at all. For all the talk about how the NSA is bounded by oversight from "all three branches" of government, that's clearly not the case. Everything happening under EO 12333 is mostly considered to be only controlled by the Executive branch, which created the order in the first place. There are no reports to Congress about it, and even Dianne Feinstein has admitted that the Intelligence Committee doesn't touch any of the surveillance done under EO 12333.

In an incredibly revealing opinion piece, former State Department official John Napier Tye, who just left in April of this year, goes on in great detail about how EO 12333 is the real concern and how it's almost certainly a violation of the 4th Amendment.

Executive Order 12333 contains nothing to prevent the NSA from collecting and storing all such communications — content as well as metadata — provided that such collection occurs outside the United States in the course of a lawful foreign intelligence investigation. No warrant or court approval is required, and such collection never need be reported to Congress. None of the reforms that Obama announced earlier this year will affect such collection.

Without any legal barriers to such collection, U.S. persons must increasingly rely on the affected companies to implement security measures to keep their communications private. The executive order does not require the NSA to notify or obtain consent of a company before collecting its users’ data.

Tye actually opens his piece with a rather revealing anecdote about a speech he wrote which had to be adjusted to make it factual. The change... is quite important:

In March I received a call from the White House counsel’s office regarding a speech I had prepared for my boss at the State Department. The speech was about the impact that the disclosure of National Security Agency surveillance practices would have on U.S. Internet freedom policies. The draft stated that “if U.S. citizens disagree with congressional and executive branch determinations about the proper scope of signals intelligence activities, they have the opportunity to change the policy through our democratic process.”

But the White House counsel’s office told me that no, that wasn’t true. I was instructed to amend the line, making a general reference to “our laws and policies,” rather than our intelligence practices. I did.

Even after all the reforms President Obama has announced, some intelligence practices remain so secret, even from members of Congress, that there is no opportunity for our democracy to change them.

In other words, for anyone who claims that the NSA's surveillance can be changed democratically via Congress -- well, the White House basically knows that's simply not true.

For his part, Tye did exactly what NSA defenders keep insisting anyone with problems should do: he filed complaints internally, making use of all the proper channels:

Before I left the State Department, I filed a complaint with the department’s inspector general, arguing that the current system of collection and storage of communications by U.S. persons under Executive Order 12333 violates the Fourth Amendment, which prohibits unreasonable searches and seizures. I have also brought my complaint to the House and Senate intelligence committees and to the inspector general of the NSA.

Tye also makes it quite clear that the NSA is almost certainly collecting email and internet data, despite denials from General Alexander. It appears that Alexander pulled a "not under this authority" trick to try to mislead people:

All of this calls into question some recent administration statements. Gen. Keith Alexander, a former NSA director, has said publicly that for years the NSA maintained a U.S. person e-mail metadata program similar to the Section 215 telephone metadata program. And he has maintained that the e-mail program was terminated in 2011 because “we thought we could better protect civil liberties and privacy by doing away with it.” Note, however, that Alexander never said that the NSA stopped collecting such data — merely that the agency was no longer using the Patriot Act to do so. I suggest that Americans should dig deeper.

Consider the possibility that Section 215 collection does not represent the outer limits of collection on U.S. persons but rather is a mechanism to backfill that portion of U.S. person data that cannot be collected overseas under 12333.

He also notes that when the Presidential task force recommended changes, it secretly intended some of the changes to apply to EO 12333 but worded it in a way to avoid revealing how much that program was used -- but the White House and the intelligence community are now resisting those changes because of the impact it would have:

The White House understood that Recommendation 12 was intended to apply to 12333. That understanding was conveyed to me verbally by several White House staffers, and was confirmed in an unclassified White House document that I saw during my federal employment and that is now in the possession of several congressional committees.

In that document, the White House stated that adoption of Recommendation 12 would require “significant changes” to current practice under Executive Order 12333 and indicated that it had no plans to make such changes.

There's a lot more in Tye's piece -- but kudos to him for coming out and making this point clearly. While we've raised concerns about EO 12333 in the past, most of the discussion has been focused on the official programs concerning what happens domestically: Section 215 of the Patriot Act and Section 702 of the FISA Amendments Act. But as Tye makes clear, those programs are only used to "backfill" what can't be picked up under EO 12333 -- a program that has no real oversight, and which is used broadly to collect all kinds of content on people around the globe, including Americans.

Thanks to Tye for standing up and stating clearly what's going on. Hopefully it will lead others to stand up and get the White House and the NSA to come clean.

from the about-time dept

For all of our discussions about how the US government has responded idiotically to the Snowden revelations, the response in the UK has been much worse. Making newspapers destroy hard drives, detaining people at airports for "terroristic" acts of journalism and generally seeking to block any and all discussion goes a level beyond what's happened in the US. And it's become clear that, as weak as oversight of the intelligence community has been in the US, it's been even worse in the UK, where its own "watchdog" only has one full-time employee.

And, while there's been at least a somewhat healthy debate about the state of surveillance within the US Congress, it's been much more muted over in the UK. So it's encouraging to see a new report come from a group of UK Members of Parliament that issues a blistering condemnation of the current state of oversight of the UK intelligence community:

A highly critical report by the Commons home affairs select committee published on Friday calls for a radical reform of the current system of oversight of MI5, MI6 and GCHQ, arguing that the current system is so ineffective it is undermining the credibility of the intelligence agencies and parliament itself.

The MPs say the current system was designed in a pre-internet age when a person's word was accepted without question. "It is designed to scrutinise the work of George Smiley, not the 21st-century reality of the security and intelligence services," said committee chairman, Keith Vaz. "The agencies are at the cutting edge of sophistication and are owed an equally refined system of democratic scrutiny. It is an embarrassing indictment of our system that some in the media felt compelled to publish leaked information to ensure that matters were heard in parliament."

Of course, the current head of the intelligence and security committee in Parliament, Sir Malcolm Rifkind, pretty much dismissed the entire report with a wave of the hand, calling it "old hat."

Still, the report is fairly damning for the intelligence community, and directly notes what a service Ed Snowden appears to have done in exposing just how out of control the intelligence community has become -- and what little real oversight the government has over it. While some MPs (from the Labour and Lib Dem parties) sought to congratulate the Guardian for "responsibly reporting" the Snowden leaks, others from the Tory party voted them down. Still, it's good to see members from two of the three major UK political parties admit that you can responsibly report on these things and that Snowden helped to open up a "wide and international public debate."

The report also contrasts how the Guardian has responded to Parliamentary inquiry with that of the intelligence community:

Their report says Alan Rusbridger, editor of the Guardian, responded to criticism of newspapers that decided to publish Snowden's disclosures, including the head of MI6's claim that it was "a gift to terrorists", by saying that the alternative would be that the next Snowden would just "dump the stuff on the internet".

The MPs say: "One of the reasons that Edward Snowden has cited for releasing the documents is that he believes the oversight of security and intelligence agencies is not effective. It is important to note that when we asked British civil servants – the national security adviser and the head of MI5 – to give evidence to us they refused. In contrast, Mr Rusbridger came before us and provided open and transparent evidence."

The report makes clear the intelligence chiefs should drop their boycott of wider parliamentary scrutiny. "Engagement with elected representatives is not, in itself, a danger to national security and to continue to insist so is hyperbole," it says.

from the oversight! dept

Ryan Gallagher, over at The Intercept, has a report on some previously unreleased Snowden documents, detailing how GCHQ was given a taste of widespread access to the NSA PRISM database as well as its bulk metadata collections during the London Olympics in 2012, and that they were basically begging for continuous unrestricted access to those databases. At the time of the documents, the NSA had not yet given GCHQ such access (beyond that one shot during the Olympics) but apparently seemed receptive to the idea. That wasn't the most interesting part of the article, however. After all, what kind of spies would they be if they weren't constantly seeking more access to the troves of info that the NSA had been collecting as well? The part that struck me as just as noteworthy is that it appears that GCHQ hid its level of access to the NSA databases from its overseers in Parliament:

[Julian] Huppert, the member of Parliament, served on a committee that reviewed – and recommended against – a push from the British government for more powers to access private data before the Snowden materials became public last year.

At no point during that process, Huppert says, did GCHQ disclose the extent of its access to PRISM and other then-secret NSA programs. Nor did it indicate that it was seeking wider access to NSA data – even during closed sessions held to allow security officials to discuss sensitive information. Huppert says these facts were relevant to the review and could have had a bearing on its outcome.

“It is now obvious that they were trying to deliberately mislead the committee,” Huppert told The Intercept. “They very clearly did not give us all the information that we needed.”

One of the common themes that these revelations keep re-emphasizing is that the intelligence community keeps insisting that they won't abuse their powers because of their strong "oversight." And yet, every time we get a chance to look more closely at the actual oversight, we find that the oversight is almost non-existent. The intelligence community is as cagey and misleading in private classified sessions as they are in public.

from the 'oversight'-is-the-new-'forced-myopia' dept

There has never been effective oversight of the NSA's bulk collections programs, or indeed, intelligence agencies in general. There's been a lot of noise made about this vaunted oversight in defense of programs revealed by leaked documents, but this is nothing more than a talking point.

The NSA (along with the CIA) has no interest in real oversight or accountability, not even to the final arbiter of its domestic surveillance, the FISA court. Judge Walton threatened to end the Section 215 collection back in 2008 after uncovering widespread abuse of the collections and the NSA's constant misrepresentation of how it was handling the data it collected.

Over the last several months, it's become apparent that the committees charged with oversight have withheld documents from their colleagues, and the agencies themselves have avoided answering specific questions about their tactics, turning oversight hearings into games of "20 questions."

But one would think the intelligence committees themselves would be on the inside track, considering chairpersons and ranking members are some of the most fervent defenders of domestic surveillance. That assumption would be wrong as well.

Here's Rockefeller explaining why, even back in 2007, intelligence oversight was a joke.

The clip only contains Rockefeller's response to the question (in bold below). Here's the answer in context.

DAVIS: Reports quote administration officials as saying this is going on and it’s being done in a way to avoid oversight of the Intelligence Committee. Is there any way—

ROCKEFELLER: They’ll go to any lengths to do that, as we’ve seen in the last two days [during hearings on FISA].

DAVIS: Is there anything you could do in your position as Chairman of the Intelligence Committee to find answers about this, if it is in fact going on?

ROCKEFELLER: Don’t you understand the way Intelligence works? Do you think that because I’m Chairman of the Intelligence Committee that I just say I want it, and they give it to me? They control it. All of it. ALL of it. ALL THE TIME. I only get - and my committee only gets - what they WANT to give me.

The Bureau of Investigation (BOI) was created on July 26, 1908, after Congress had adjourned for the summer. Attorney General Bonaparte, using Department of Justice expense funds, hired thirty-four people, including some veterans of the Secret Service, to work for a new investigative agency. Its first chief (the title is now known as director) was Stanley Finch. Bonaparte notified Congress of these actions in December, 1908.

If the agency was created without Congressional consent, it stands to reason those in it feel legislative oversight is both unwelcome and unnecessary. There's a lot more oversight happening now, but that's mainly because the NSA can't withhold leaked information from the committees. It's all out in the open.

So, when defenders of the agency start talking about oversight and legality, be sure to remind them that neither of these aspects is particularly strong. The agency operated in darkness for many, many years and the programs that skirted the Constitution were only made legal by dubious, reactionary legislation and secret interpretations of existing laws.

from the by-comparison,-our-piss-poor-oversight-looks-positively-robust dept

We have firmly established that the NSA's oversight is a joke. The House Intelligence Committee routinely hid documents from their fellow Congress members. The Senate side is headed by one of the most shameless champions of the surveillance state. (Well, right up until her office was subjected to it…) The administration finally began distancing itself from the NSA's activities months after the first leak, responding to the concerns of Americans with a brief list of weak reforms.

Britain's intelligence services had a system of oversight no better than that seen in the TV comedy Yes, Prime Minister, an MP said on Tuesday during a meeting of a Commons committee.

Julian Huppert, a Liberal Democrat, said the sitcom depicting ineffectual government was an appropriate comparison after it emerged that the intelligence services commissioner appearing before MPs worked only part-time, and operated with only one other staff member.

Two members, one part-time, to oversee the activities of British intelligence services. With that level of involvement, it's hardly a surprise that 6% of the 1,700 warrants issued last year received any sort of scrutiny. With this dearth of personnel, it's hardly a surprise (albeit still inexcusable) that the initial response to the leaks from Mark Waller, the part-time intelligence commissioner charged with overseeing MI5, MI6 and GCHQ, was incredulity: "Crikey. I wanted to know if I had been spoofed for 18 months."

Being a decent guy, but one who felt he had been seriously misled during his 18 months of part-time oversight, Waller immediately tried to get it all sorted out. The recounting of his vigorous efforts to get to the bottom of the intelligence community's misleading portrayal of its activities is what led to the MP's Britcom comparison.

Waller, who looked ill at ease during much of the questioning, said he had gone to see GCHQ to see if there was anything to the allegations. He saw the deputy chief of the GCHQ and was satisfied the allegations were without foundation.

Vaz said: "And how did you satisfy yourself? It seems from your comment that you had a discussion with them."

Waller replied: "Certainly."

Vaz said: "You heard what they had to say."

Waller replied: "Certainly."

Vaz probed further: "And you accepted what they had to say?"

Waller: "Certainly."

"Is that it?" asked Vaz.

"Certainly," replied Waller.

Vaz added: "Just a discussion?"

Waller: "Certainly."

Vaz, in conclusion, said: "And that's the way you were satisfied that there was no circumventing UK law. You went down, you went to see them, you sat round the table, you had a chat?"

Julian Huppert, the MP who made the comparison to Yes, Minister, summed up Waller's investigative "interrogation" more concisely.

"Can I come back to this comparison between Britain and the US? I presume you are both familiar with Yes, Prime Minister. There is a line there where it says, 'Good Lord, no. Any hint of suspicion, you hold a full inquiry, have a chap straight out for lunch, ask him straight out if there is anything in it and if he says no, you have got to trust a chap's word'."

So, the "watchdog," after feeling he had been lied to for 18 months, decided to confront the agency. The agency responded with "We haven't been lying" and that was apparently good enough for the commissioner. After all, if you can't trust the spies, who can you trust? Waller had done his due diligence, examining roughly 100 of the 1,700 warrants issued and had found nothing indicating anything was out of order.

In Britain, the question, "Who watches the watchers?" has been answered. The answer is, apparently, hardly anyone. Waller, the part-time commissioner charged with overseeing three intelligence agencies, looked "ill at ease" during questioning and initially refused to attend the hearing. But despite his clear reluctance to provide details of the watchdog "group's" clearly inadequate oversight and his embarrassing-to-everyone-involved recounting of his "chat" with GCHQ officials, Waller still insisted he had enough personnel to perform the job capably. This sounds strangely like someone whose real desire isn't to perform rigorous oversight, but rather collect a paycheck untroubled by controversy.